
Cyber security best practices for small businesses


Given that we are living in a technological revolution, you would be forgiven for thinking that the technology we’re using is safer from cyber threats. Whilst this is true to a certain extent, our increasing reliance on technology presents a window of opportunity for cyber criminals to launch an attack.

With that said, cyber security has rightly risen up the agenda of employers in recent years. With so many working practices being transitioned to an online solution, it is crucial that all organisations have a fundamental understanding of cyber security best practices. This will give businesses insight on how to best protect themselves from a cyber attack. 

Unfortunately, that isn’t always the case. In fact, our friends over at QMS conducted a survey of businesses on their own cyber security practices and found that 75.7% of the respondents reported that they now felt more open to attack. 

Which industries are most at threat of a cyber attack?

According to a report by Hiscox, one small business in the UK is successfully hacked every 19 seconds!

Any organisation that uses digital devices is theoretically at risk of a cyber attack, but the more technology an organisation uses, the greater the threat it generally faces.

An article by CDNetworks looks at some of the industries most vulnerable to cyber attacks, focusing on healthcare, government agencies, energy, and higher education. However, the very first area it identifies is small and medium-sized businesses.

What are the consequences of a cyber security breach for a small business?

A security breach can do untold damage to any organisation. However, small businesses will generally not have the same level of security as large businesses, leaving many SMBs feeling vulnerable.

Some major consequences of a security breach include:

  • Revenue loss
  • Reputational damage
  • Loss of intellectual property
  • Data breaches/leaks
  • Legal fees & fines

In order to avoid these consequences, SMBs must ensure that all of their staff are aware of the major cyber security threats they may face and how to best mitigate them.

What are the top cyber security threats faced by small businesses?

Here are some of the top cyber security threats faced by small businesses in 2022…


Phishing

These attacks occur when a cyber criminal impersonates a trusted contact and entices a user to download a malicious file, click a malicious link, or give them access to sensitive information or other credentials.


Malware

Malware is a term for malicious code. Hackers use malware to gain access to networks, steal data, or delete data from a computer. Malware usually infects computers after being downloaded from an unsecure website or from a spam email.


Ransomware

This malicious software is designed to encrypt company data so that it cannot be accessed. Typically, cyber criminals will ask the victimised company to pay a ransom in order to decrypt the data.

Weak passwords

Using easily guessed passwords, or using the same passwords for multiple accounts, can cause a person's accounts or data to become compromised.

Cyber security best practices for small businesses

It is essential that all organisations and their employees who use digital devices have a fundamental understanding of cyber security best practices. Here are some of the best practices surrounding cyber security that all small businesses should consider…

Have written cyber security policies

It is essential that all employees are on the same page when it comes to cyber security. By having all cyber security protocols documented in an accessible document, employees have no reason to be unfamiliar with your organisation's plan to combat cyber threats.

Use multi-factor identification

Multi-factor identification is a setting that can be used on a number of digital systems that requires the user to provide credentials given from a separate device to the one being used to sign in. Using the multi-factor identification settings on most major network and email products is simple to do and provides an extra layer of protection.

Install anti-malware software

Ransomware and malware both require software to be installed on a person's computer. Anti-malware software can prevent malicious software from being downloaded at all and acts as an essential part of most organisations' cyber security.

Educate employees

Most cyber attacks are a result of human error, which highlights the importance of staff training. All members of staff who use a digital device must be given adequate training to ensure they understand their responsibilities and best practices, and work towards legislative compliance.

Don’t forget to check out our Cyber Security Checklist too! 

Online Cyber Security Awareness Training

We offer a range of online Cyber Security & GDPR Training courses that are designed to help organisations of any size work towards compliance, improve cyber security awareness, and protect their business from cyber threats or data breaches.

Some of our most popular courses in this bundle include:

You can claim a free, no-obligation trial to any of the courses today! Alternatively, request a bespoke quote for your organisation and a member of our team will get in touch to discuss your cyber security training needs.
